=Paper=
{{Paper
|id=Vol-2994/paper2
|storemode=property
|title=Non-Linear Analytic Prediction of IP Addresses for Supporting Cyber Attack Detection and Analysis
|pdfUrl=https://ceur-ws.org/Vol-2994/paper2.pdf
|volume=Vol-2994
|authors=Alfredo Cuzzocrea,Enzo Mumolo,Edoardo Fadda,Selim Soufargi,Carson K. Leung
|dblpUrl=https://dblp.org/rec/conf/sebd/CuzzocreaMFSL21
}}
==Non-Linear Analytic Prediction of IP Addresses for Supporting Cyber Attack Detection and Analysis==
https://ceur-ws.org/Vol-2994/paper2.pdf
Non-Linear Analytic Prediction of IP Addresses for
Supporting Cyber Attack Detection and Analysis
Alfredo Cuzzocrea1 , Enzo Mumolo2 , Edoardo Fadda3 , Selim Soufargi4 and
Carson K. Leung5
1
iDEA Lab, University of Calabria, Rende, Italy
2
University of Trieste, Trieste, Italy
3
Politecnico di Torino & ISIRES, Torino, Italy
4
iDEA Lab, University of Calabria, Rende, Italy
5
University of Manitoba, Winnipeg, MB, Canada
Abstract
Computer network systems are often subject to several types of attacks. For example the distributed
Denial of Service (DDoS) attack introduces an excessive traffic load to a web server to make it unusable.
A popular method for detecting attacks is to use the sequence of source IP addresses to detect possible
anomalies. With the aim of predicting the next IP address, the Probability Density Function of the IP
address sequence is estimated. Prediction of source IP address in the future access to the server is meant
to detect anomalous requests. In this paper we consider the sequence of IP addresses as a numerical
sequence and develop the nonlinear analysis of the numerical sequence. We used nonlinear analysis
based on Volterraβs Kernels and Hammersteinβs models. The experiments carried out with datasets of
source IP address sequences show that the prediction errors obtained with Hammerstein models are
smaller than those obtained both with the Volterra Kernels and with the sequence clustering by means
of the K-Means algorithm.
Keywords
Cyber Attack, Distributed Denial of Service, Hammerstein Models
1. Introduction
User modeling is an important task for web applications dealing with large traffic flows. They
can be used for a variety of applications such as to predict future situations or classify current
states. Furthermore, user modeling can improve detection or mitigation of Distributed Denial
of Service (DDoS) attack [1, 2, 3], improve the quality of service (QoS) [4], individuate click
fraud detection and optimize traffic management. In peer-to-peer (P2P) overlay networks, IP
models can also be used for optimizing request routing [5]. Those techniques are used by severs
for deciding how to manage the actual traffic. In this context, also outlier detection methods
are often used if only one class is known. If, for example, an Intrusion Prevention System wants
to mitigate DDoS attacks, it usually has only seen the normal traffic class before and it has to
SEBD 2021: The 29th Italian Symposium on Advanced Database Systems, September 5-9, 2021, Pizzo Calabro (VV),
Italy
" alfredo.cuzzocrea@unical.it (A. Cuzzocrea); mumolo@units.it (E. Mumolo); edorardo.fadda@polito.it
(E. Fadda); selim.soufargi@unical.it (S. Soufargi); kleung@cs.umanitoba.ca (C. K. Leung)
Β© 2021 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR
Workshop
Proceedings
http://ceur-ws.org
ISSN 1613-0073
CEUR Workshop Proceedings (CEUR-WS.org)
�detect the outlier class by its different behavior. In this paper we deal with the management of
DDos because nowadays it has become a major threat in the internet. Those attacks are done by
using a large scaled networks of infected PCs (bots or zombies) that combine their bandwidth
and computational power in order to overload a publicly available service and denial it for
legal users. Due to the open structure of the internet, all public servers are vulnerable to DDoS
attacks. The bots are usually acquired automatically by hackers who use software tools to scan
through the network, detecting vulnerabilities and exploiting the target machine. Furthermore,
there is also a strong need to mitigate DDoS attacks near the target, which seems to be the only
solution to the problem in the current internet infrastructure. The aim of such a protection
system is to limit their destabilizing effect on the server through identifying malicious requests.
There are multiple strategies with dealing with DDoS attacks. The most effective ones are the
near-target filtering solutions. They estimates normal user behavior based on IP packet header
information. Then, during an attack the access of outliers is denied. One parameter that all
methods have in common is the source IP address of the users. It is the main discriminant for
DDoS traffic classification. However, the methods of storing IP addresses and estimating their
density in the huge IP address space, are different. In this paper, we present a novel approach
based on system identification techniques and, in particular, on the Hammerstein models.
2. Non-Linear Analytic Prediction of IP Addresses
Data driven identification of mathematical models of physical systems (i.e. nonlinear) starts
with representing the systems as a black box. In other terms, while we may have access to
the inputs and outputs, the internal mechanisms are totally unknown to us. Once a model
type is chosen to represent the system, its parameters are estimated through an optimization
algorithm so that eventually the model mimics at a certain level of fidelity the inner mechanism
of the nonlinear system or process using its inputs and outputs. These approach is, for instance,
widely used in the related big data analytics area (e.g., [6, 7, 8, 9, 10, 11, 12, 13, 14])
In this work, we consider a particular sub-class of nonlinear predictors: the Linear-in-the-
parameters (LIP) predictors. LIP predictors are characterized by a linear dependence of the
predictor output on the predictor coefficients. Such predictors are inherently stable, and that
they can converge to a globally minimum solution (in contrast to other types of nonlinear filters
whose cost function may exhibit many local minima) avoiding the undesired possibility of getting
stuck in a local minimum. Let us consider a causal, time-invariant, finite-memory,continuous
nonlinear predictor as described in (1).
Λπ (π) = π [π (π β 1), . . . , π (π β π )] (1)
where π [Β·] is a continuous function, π (π) is the input signal and Λπ (π) is the predicted sample.
We can expand π [Β·] with a series of basis functions ππ (π), as shown in (2).
β
βοΈ
Λπ (π) = β(π)ππ [π (π β π)] (2)
π=1
where β(π) a re proper coefficients. To make (2) realizable we truncate the series to the first π
�terms, thus we obtain
π
βοΈ
Λπ (π) = β(π)ππ [π (π β π)] (3)
π=1
In the general case, a linear-in-the-parameters nonlinear predictor is described by the input-
output relationship reported in (4).
π
β π
Λπ (π) = π» β (π) (4)
β π is a row vector containing predictor coefficients and π
where π» β (π) is the corresponding
column vector whose elements are nonlinear combinations and/or expansions of the input
samples.
2.1. Linear Predictor
Linear prediction is a well known technique with a long history [15]. Given a time series π
β,
linear prediction is the optimum approximation of sample π₯(π) with a linear combination of
the π most recent samples. That means that the linear predictor is described as eq. (5).
π
βοΈ
Λπ (π) = β1 (π)π (π β π) (5)
π=1
or in matrix form as
β ππ
Λπ (π) = π» β (π) (6)
where the coefficient and input vectors are reported in (7) and (8).
β π = β1 (1) β1 (2) . . . β1 (π ) (7)
[οΈ ]οΈ
π»
β π = π (π β 1) π (π β 2) . . . π (π β π ) (8)
[οΈ ]οΈ
π
2.2. Non-Linear Predictor based on Volterra Series
As well as Linear Prediction, Non Linear Prediction is the optimum approximation of sample
π₯(π) with a non linear combination of the π most recent samples. Popular nonlinear predictors
are based on Volterra series [16]. A Volterra predictor based on a Volterra series truncated to
the second term is reported in (9).
π1
βοΈ π2 βοΈ
βοΈ π2
π₯
Λ (π) = β1 (π)π₯(π β π) + β2 (π, π)π₯(π β π)π₯(π β π) (9)
π=1 π=1 π=π
where the symmetry of the Volterra kernel (the β coefficients) is considered. In matrix terms,
the Volterra predictor is represented in (10).
β ππ
Λπ (π) = π» β (π) (10)
�where the coefficient and input vectors are reported in (12) and (12).
[οΈ ]οΈ
π β1 (1) β1 (2) . . . β1 (π )
β
π» = (11)
β2 (1, 1) β2 (1, 2) . . . β2 (π2 , π2 )
[οΈ ]οΈ
βπ π (π β 1) π (π β 2) . . . π (π β π1 )
π = (12)
π 2 (π β 1) π (π β 1)π (π β 2) . . . π 2 (π β π2 )
2.3. Non-Linear Predictor based on Functional Link Artificial Neural
Networks (FLANN)
FLANN is a single layer neural network without hidden layer. The nonlinear relationships
between input and output are captured through function expansion of the input signal exploiting
suitable orthogonal polynomials. Many authors used for examples trigonometric, Legendre
and Chebyshev polynomials. However, the most frequently used basis function used in FLANN
for function expansion are trigonometric polynomials [17]. The FLANN predictor can be
represented by eq.(13).
π
βοΈ π βοΈ
βοΈ π
Λπ (π) = β1 (π)π (π β π) + β2 (π, π) cos[πππ (π β π)]+
π=1 π=1 π=1
π βοΈ
βοΈ π
β2 (π, π) sin[πππ (π β π)] (13)
π=1 π=1
Also in this case the Flann predictor can be represented using the matrix form reported in
(10).
β ππ
Λπ (π) = π» β (π) (14)
where the coefficient and input vectors of FLANN predictors are reported in (22) and (23).
β‘ β€
β1 (1) β1 (2) . . . β1 (π )
βπ
π» = β£β2 (1, 1) β2 (1, 2) . . . β2 (π2 , π2 )β¦ (15)
β3 (1, 1) β3 (1, 2) . . . β3 (π2 , π2 )
β‘ β€
π (π β 1) π (π β 2) . . . π (π β π )
π
β
π = β£cos[ππ (π β 1)] cos[ππ (π β 2)] . . . ... cos[π2 ππ (π β π2 )]β¦ (16)
sin[ππ (π β 1)] sin[ππ (π β 2)] . . . ... sin[π2 ππ₯(π β π2 )]
2.4. Non-Linear Predictors based on Hammerstein Models
Previous research [18] shown that many real nonlinear systems, spanning from electromechan-
ical systems to audio systems, can be modeled using a static non-linearity. These terms capture
the system nonlinearities, in series with a linear function, which capture the system dynamics
as shown in Figure 1.
� p
2
2
x (n)
p3
3
x (n)
. + FIR y(n)
x(n)
.
pm .
m
x (n)
Figure 1: Representation of the Hammerstein Models
Indeed, the front-end of the so called Hammerstein Model is formed by a nonlinear function
whose input is the system input. Of course the type of non-linearity depends on the actual
physical system to be modeled. The output of the nonlinear function is hidden and is fed
as input of the linear function. In the following, we assume that the non-linearity is a finite
polynomial expansion, and the linear dynamic is realized with a Finite Impulse Response (FIR)
filter. Furthermore, in contrast with [18], we assume a mean error analysis and we postpone
the analysis in the robust framework in future work. In other word,
π
βοΈ
π§(π) = π(2)π₯2 (π) + π(3)π₯3 (π) + . . . π(π)π₯π (π) = π(π)π₯π (π) (17)
π=2
On the other hand, the output of the FIR filter is:
π¦(π) = β0 (1)π§(π β 1) + β0 (2)π§(π β 2) + . . . + β0 (π )π§(π β π ) =
π
βοΈ
= β0 (π)π§(π β π) (18)
π=1
Substituting (17) in (20) we have:
π
βοΈ π
βοΈ π
βοΈ
π¦(π) = β0 (π)π§(π β π) = β0 (π) π(π)π₯π (π β π) =
π=1 π=1 π=2
π βοΈ
βοΈ π
β0 (π)π(π)π₯π (π β π) (19)
π=2 π=1
Setting π(π, π) = β0 (π)π(π) we write
π βοΈ
βοΈ π
π¦(π) = π(π, π)π₯π (π β π) (20)
π=2 π=1
This equation can be written in matrix form as
β ππ
Λπ (π) = π» β (π) (21)
�where
β‘ β€
π(2, 1) π(2, 2) . . . π(2, π2 )
βπ
π» = β£ π(3, 1) π(3, 2) . . . π(3, π2 ) β¦ (22)
. . . π(π, 1) πΆ(π, 2) . . . πΆ(π, π )
β‘ 2
π (π β 2) π 2 (π β 3) . . . π 2 (π β π )
β€
βπ
π = β£ π 3 (π β 2) π 3 (π β 3) . . . π 3 (π β π ) β¦ (23)
π π π π π
π (π β 2) π (π β 3) . . . π (π β 1) π (π β 3) . . . π (π β π )
3. Predictor Parameters Estimation
So far we saw that all the predictors can be expressed, at time instant π, as
π
β π
Λπ (π) = π» β (π) (24)
with different definitions of the input, π β π . There are two well
β (π), end parameters vectors π»
known possibilities for estimating the optimal parameter vector.
3.1. Block-based Approach
The Minimum Mean Square estimation is based on the minimization of the mathematical
expectation of the squared prediction error π(π) = π (π) β Λπ (π)
β ππ
πΈ[π2 ] = πΈ[(π (π) β Λπ (π))2 ] = πΈ[(π (π) β π» β (π))2 ] (25)
The minimization of (25) is obtain by setting to zero the Laplacian of the mathematical expecta-
tion of the squared prediction error:
βπ» πΈ[π2 ] = πΈ[βπ» π2 ] = πΈ[2π(π)βπ» π] = 0 (26)
which leads to the well known unique solution
β β1 π
β πππ‘ = π
π» β (27)
π₯π₯ π π₯
where
β π₯π₯ (π) = πΈ[π
π
β π (π)]
β (π)π (28)
is the statistical auto-correlation matrix of the input vector π
β (π) and
β π π₯ (π) = πΈ[π (π)π
π
β (π)] (29)
is the statistical cross-correlation vector between the signal π (π) and the input vector π
β (π).
The mathematical expectations of the auto and cross correlation are estimated using
βοΈπ β βπ
β π₯π₯ (π) = π=1 π (π)π (π)
π
(30)
π
is the statistical auto-correlation matrix of the input vector π
β (π) and
βοΈπ β
β π π₯ (π) = π=1 π (π)(π)π (π)
π
(31)
π
�3.2. Adaptive Approach
Let us consider a general second order terms of a Volterra predictor
π
βοΈβ1 π
βοΈβ1
π¦(π) = β2 (π, π)π₯(π β π)π₯(π β π) (32)
π=0 π=0
It can be generalized for higher order term as
π
βοΈ π
βοΈ
(33)
{οΈ }οΈ
Β·Β·Β· ππ1 Β· Β· Β· πππ π»π π₯π1 (π), Β· Β· Β· π₯ππ (π)
π1 =1 ππ =1
where
π
βοΈ
ππ π₯π (π). (34)
π=1
For the sake of simplicity and without loss of generality, we consider a Volterra predictor based
on a Volterra series truncated to the second term
π1
βοΈ π2 βοΈ
βοΈ π2
Λπ(π) = β1 (π)π(π β π) + β2 (π, π)π(π β π)π(π β π) (35)
π=1 π=1 π=π
By defining
π» π (π) = |β1 (1), Β· Β· Β· , β1 (π1 ) , β2 (1, 1), Β· Β· Β· , β2 (π2 , π2 )| (36)
and β
π π (π) = βπ(π β 1), Β· Β· Β· , π (π β π1 ) , π2 (π β 1)
(37)
π(π β 1)π(π β 2), Β· Β· Β· , π2 (π β π2 ) |
Eq (35) can be rewritten as follows
Λπ(π) = π» π (π)π(π). (38)
In order to estimate the best parameters π», we consider the following loss function
π
βοΈ ]οΈ2
ππβπ Λπ(π) β π» π (π)π(π) (39)
[οΈ
π½π (π») =
π=0
where ππβπ weights the relative importance of each squared error. In order to find the π» that
minimizes the convex function (39) it is enough to impose its gradient to zero, i.e.,
βπ» π½π (π») = 0 (40)
That is equivalent to
π
ππ (π)π»(π) = π
ππ (π) (41)
�where
π
ππ (π) = βοΈππ=0 ππβπ π(π)π π (π)
βοΈ
(42)
π
ππ (π) = ππ=0 ππβπ π(π)π(π)
It follows that the best π» can be computed by
β1
π»(π) = π
ππ (π)π
ππ (π) (43)
Since
π
ππ (π) = ππ
ππ (π β 1) + π(π)π π (π) (44)
it follows that
β1 1 [οΈ β1 β1
π
ππ (π β 1) β π(π)π π (π)π
ππ (45)
]οΈ
π
ππ (π) = (π β 1)
π
where π(π) is equal to
β1
π
ππ (π β 1)π(π)
π(π) = β1 (46)
π + π π (π)π
ππ (π β 1)π(π)
Instead, matrix π
ππ (π) in (43) can be written as
π
ππ (π) = ππ
ππ (π β 1) + π(π)π(π) (47)
Thus, inserting Eq (47) and Eq (45)in Eq (43) and rearranging the terms, we obtain
β1
π»(π) = π»(π β 1) + π
ππ (π)π(π)π(π) (48)
where
π = Λπ(π) β π» π (π β 1)π(π) (49)
By recalling Eq. (46), we can write Eq. (48) as
π»(π) = π»(π β 1) + π(π)π(π) (50)
By introducing, the new notation,
πΉ (π) = π π (π β 1)π(π) (51)
The previous equations can be resumed by the following system
β§
βͺ
βͺ
βͺ πΏ(π) = π(π β 1)πΉ (π)
π½(π) = π + πΉ π (π)πΉ (π)
βͺ
βͺ
βͺ
βͺ
βͺ
βͺ
β¨πΌ(π) =
βͺ 1
β
π½(π)+ ππ½(π)
(52)
π(π) = β1π π(π β 1) β πΌ(π)πΏ(π)πΉ π (π)
[οΈ ]οΈ
βͺ
βͺ
βͺ
βͺ
π(π) = Λπ(π β 1) β πΌ(π)πΏ(π)πΉ π (π)
βͺ
βͺ
βͺ
βͺ
β©π(π) = π»(π β 1) + πΏ(π) π(π)
βͺ
βͺ
π½(π)
It should be noted that by using Eq (52) the estimation adapts in each step in order to decrease
the error. Thus, the system structure is somehow similar to the Kalman filter.
Finally, we define the estimation error as
π(π) = π(π) β π» π (π)π(π) (53)
It is worth noting that the computation of the predicted value from Eq. (38) requires 6πtot +2πtot
2
operations, where πtot = π1 + π2 (π2 + 1) /2.
�4. Experiments
In order to prove the effectiveness of the proposed approach, in this section we present our
experimental results for a real dataset. Specifically, we consider the requests made to the 1998
World Cup Web site between April 30, 1998 and July 26, 1998 1 . During this period of time the
site received 1,352,804,107 requests. The fields of the request structure contain the following
information: (i) timestamp the time of the request, stored as the number of seconds since the
Epoch. The timestamp has been converted to GMT to allow for portability. During the World
Cup the local time was 2 hours ahead of GMT (+0200). In order to determine the local time, each
timestamp must be adjusted by this amount; (ii) clientID a unique integer identifier for the client
that issued the request; due to privacy concerns these mappings cannot be released; note that
each clientID maps to exactly one IP address, and the mappings are preserved across the entire
data set - that is if IP address 0.0.0.0 mapped to clientID π on day π then any request in any of the
data sets containing clientID π also came from IP address 0.0.0.0; (iii) objectID a unique integer
identifier for the requested URL; these mappings are also 1-to-1 and are preserved across the
entire data set; (iv) size the number of bytes in the response; (v) method the method contained
in the clientβs request (e.g., GET); (vi) status this field contains two pieces of information; the 2
highest order bits contain the HTTP version indicated in the clientβs request (e.g., HTTP/1.0);
the remaining 6 bits indicate the response status code (e.g., 200 OK); (vii) type the type of file
requested, generally based on the file extension (.html), or the presence of a parameter list; (viii)
server indicates which server handled the request. The upper 3 bits indicate which region the
server was at; the remaining bits indicate which server at the site handled the request.
In the dataset, 87 days are reported. We use the first one in order to initialise the estimator in
(35) and we use the others as test set by using a rolling horizon method (as in [18]). Particularly,
for each day π‘ we compute the estimation by using all the IP observations in the previous days
[0, π‘ β 1]. The results are reported in Figure 2. The increase of errors in June is due to the sudden
1
0.9
0.8
0.7
0.6
e(n)
0.5
0.4
0.3
0.2
0.1
0
Apr 30 May 14 May 28 Jun 11 Jun 25 Jul 09 Jul 23
days 1998
Figure 2: Estimation error for each day of activity of the website.
increment of different IP accessing the website due to the start of the competition (see [19]). It
should be noted that the estimation error decrease exponentially despite dealing with several
millions of IPs.
1
ftp://ita.ee.lbl.gov/html/contrib/WorldCup.html
� Since the computation of the optimal coefficient π»(π) may require some time, we measure
the percentage of available data that our approach needs in order to provide good results.
Particularly, in this experiment we consider the average estimation error done by the model
at time π‘ by considering a subset of the IPs observed in interval [0, π‘ β 1]. The experimental
results on real data cubes are depicted in Figure 3.
1
Hammerstein models
0.9 Volterra Kerners
sequence clusterings
0.8
0.7
0.6
e(n)
0.5
0.4
0.3
0.2
0.1
0
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
ip [%]
Figure 3: Estimation error vs. percentage size of the training set
It should be noted that the Hammerstain model outperform the results by the Volterraβs
kernel as well as the clustering techniques. In more detail, the clustering techniques are the
one less performing. This is due to the nature of the clustering techniques that exploit the
geometric information of the data more than their time dependency. We highlight that despite
the calculation of π»(π) is computational intensive, this does not effect the real time applicability
of the method. In fact, the access decision is taken by considering the estimator Λπ(π) that is
computed once per day. Thus the computation of π»(π) does not need to be fast.
5. Conclusions and Future Work
In this paper, we presented a new way to deal with cyber attack by using Hammerstein models.
Experimental results clearly confirm the effectiveness of the proposed techniques for a real
data set, outperforming other well-known techniques. Future work will have two objectives.
First, we want to consider the problem in a stochastic optimization settings, as for example in
[20]. Second, we want to test the approach on other case studies, by also exploiting knowledge
management methodologies (e.g., [21, 22]).
Acknowledgements
This work is partially supported by NSERC (Canada) and University of Manitoba.
References
[1] M. Goldstein, C. Lampert, M. Reif, A. Stahl, T. Breuel, Bayes optimal ddos mitigation by adaptive history-based ip filtering,
in: Seventh International Conference on Networking (icn 2008), 2008, pp. 174β179.
� [2] H.-X. Tan, W. Seah, Framework for statistical filtering against ddos attacks in manets, 2006, pp. 8 pp.β. doi:10.1109/ICESS.
2005.57.
[3] G. Pack, J. Yoon, E. Collins, C. Estan, On filtering of ddos attacks based on source address prefixes, 2006, pp. 1β12. doi:10.
1109/SECCOMW.2006.359537.
[4] Y. Yang, C.-H. Lung, The role of traffic forecasting in qos routing - a case study of time-dependent routing, 2005, pp. 224 β
228 Vol. 1. doi:10.1109/ICC.2005.1494351.
[5] A. Agrawal, H. Casanova, Clustering hosts in p2p and global computing platforms, 2003, pp. 367β 373. doi:10.1109/
CCGRID.2003.1199389.
[6] A. Cuzzocrea, R. Moussa, G. Xu, Olap*: Effectively and efficiently supporting parallel OLAP over big data, in: Model and
Data Engineering - Third International Conference, MEDI 2013, Amantea, Italy, September 25-27, 2013. Proceedings, 2013,
pp. 38β49.
[7] G. Chatzimilioudis, A. Cuzzocrea, D. Gunopulos, N. Mamoulis, A novel distributed framework for optimizing query routing
trees in wireless sensor networks via optimal operator placement, J. Comput. Syst. Sci. 79 (2013) 349β368.
[8] A. Cuzzocrea, E. Bertino, Privacy preserving OLAP over distributed XML data: A theoretically-sound secure-multiparty-
computation approach, J. Comput. Syst. Sci. 77 (2011) 965β987.
[9] A. Cuzzocrea, V. Russo, Privacy preserving OLAP and OLAP security, in: Encyclopedia of Data Warehousing and Mining,
Second Edition (4 Volumes), 2009, pp. 1575β1581.
[10] A. Bonifati, A. Cuzzocrea, Storing and retrieving xpath fragments in structured P2P networks, Data Knowl. Eng. 59 (2006)
247β269.
[11] R. C. Camara, A. Cuzzocrea, G. M. Grasso, C. K. Leung, S. B. Powell, J. Souza, B. Tang, Fuzzy logic-based data analytics
on predicting the effect of hurricanes on the stock market, in: 2018 IEEE International Conference on Fuzzy Systems,
FUZZ-IEEE 2018, Rio de Janeiro, Brazil, July 8-13, 2018, IEEE, 2018, pp. 1β8.
[12] P. Braun, A. Cuzzocrea, C. K. Leung, A. G. M. Pazdor, S. K. Tanbeer, G. M. Grasso, An innovative framework for supporting
frequent pattern mining problems in iot environments, in: O. Gervasi, B. Murgante, S. Misra, E. N. Stankova, C. M. Torre,
A. M. A. C. Rocha, D. Taniar, B. O. Apduhan, E. Tarantino, Y. Ryu (Eds.), Computational Science and Its Applications - ICCSA
2018 - 18th International Conference, Melbourne, VIC, Australia, July 2-5, 2018, Proceedings, Part V, volume 10964 of Lecture
Notes in Computer Science, Springer, 2018, pp. 642β657.
[13] A. Cuzzocrea, C. Mastroianni, G. M. Grasso, Private databases on the cloud: Models, issues and research perspectives, in:
J. Joshi, G. Karypis, L. Liu, X. Hu, R. Ak, Y. Xia, W. Xu, A. Sato, S. Rachuri, L. H. Ungar, P. S. Yu, R. Govindaraju, T. Suzumura
(Eds.), 2016 IEEE International Conference on Big Data, BigData 2016, Washington DC, USA, December 5-8, 2016, IEEE
Computer Society, 2016, pp. 3656β3661.
[14] A. Cuzzocrea, Accuracy control in compressed multidimensional data cubes for quality of answer-based OLAP tools, in: 18th
International Conference on Scientific and Statistical Database Management, SSDBM 2006, 3-5 July 2006, Vienna, Austria,
Proceedings, IEEE Computer Society, 2006, pp. 301β310.
[15] J. Makhoul, Linear prediction: A tutorial review, Proceedings of the IEEE 63 (1975) 561β580.
[16] Z. Peng, C. Changming, Volterra series theory: A state-of-the-art review, Chinese Science Bulletin (Chinese Version) 60
(2015) 1874. doi:10.1360/N972014-01056.
[17] H. Zhao, J. Zhang, Adaptively combined fir and functional link artificial neural network equalizer for nonlinear communi-
cation channel, IEEE Transactions on Neural Networks 20 (2009) 665β674.
[18] V. Cerone, E. Fadda, D. Regruto, A robust optimization approach to kernel-based nonparametric error-in-variables identi-
fication in the presence of bounded noise, in: 2017 American Control Conference (ACC), IEEE, 2017. doi:10.23919/acc.
2017.7963056.
[19] M. Arlitt, T. Jin, H. packard Laboratories, A workload characterization study of the 7998 world cup web site, ????
[20] E. Fadda, G. Perboli, R. Tadei, Customized multi-period stochastic assignment problem for social engagement and oppor-
tunistic iot, Computers & Operations Research 93 (2018) 41β50.
[21] A. Cuzzocrea, Combining multidimensional user models and knowledge representation and management techniques for
making web services knowledge-aware, Web Intelligence and Agent Systems 4 (2006) 289β312.
[22] M. Cannataro, A. Cuzzocrea, C. Mastroianni, R. Ortale, A. Pugliese, Modeling adaptive hypermedia with an object-oriented
approach and XML, in: M. Levene, A. Poulovassilis (Eds.), Proceedings of the Second International Workshop on Web
Dynamics, WebDyn@WWW 2002, Honululu, HW, USA, May 7, 2002, volume 702 of CEUR Workshop Proceedings, CEUR-
WS.org, 2002, pp. 35β44.
�